[vox] Exploits for non-admin accounts in Windows?

Ryan cjg5ehir02 at sneakemail.com
Wed Mar 23 23:01:01 PST 2005


On Wednesday 23 March 2005 09:32 pm, Richard Crawford 
rscrawford-at-mossroot.com |lugod| wrote:
> Yes, it's a Windoze question, but I'm trying to make a point with
> someone who wants to build me a crippled computer for my development
> workstation.
>
> I was told today by the IT manager in our office that if you don't run
> your Windows computer as an administrator, you never need to worry about
> adware and spyware and viruses.  This seems like an awfully fishy claim
> to me, but maybe I'm just over-paranoid.  Am I?

As Greg said, crap can still pwn the user account. Besides that, there are 
plenty of methods of privlage escalation on windows boxes. Do a google search 
on 'shatter attacks', for an example that immediatly comes to mind. I'm sure 
there are plenty of other privlage escalation tricks.

I've heard of any software actualy tring to escalate privlages on a user 
account, but that doesn't mean that there isn't any, or won't be any. 

-- 
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc


More information about the vox mailing list